light-apiengine-feature/utils/auth/ldap_auth.go

package auth

import (
	"git.qianqiusoft.com/qianqiusoft/light-apiengine/ldap"
	"git.qianqiusoft.com/qianqiusoft/light-apiengine/entitys"
	"git.qianqiusoft.com/qianqiusoft/light-apiengine/logs"
	"git.qianqiusoft.com/qianqiusoft/light-apiengine/config"
	"git.qianqiusoft.com/qianqiusoft/light-apiengine/models"
	"git.qianqiusoft.com/qianqiusoft/light-apiengine/utils"
	"net"
	"fmt"
	"strings"
)
type LdapAuth struct {
	App entitys.ApiEngineInterface
	IAuth
}

func NewLdapAuth(app entitys.ApiEngineInterface) *LdapAuth {
	return &LdapAuth{App:app}
}

func (this *LdapAuth)Login(c *entitys.CtrlContext) {
}

func (this *LdapAuth)Logout(c *entitys.CtrlContext){
}

func (this* LdapAuth)Init(){

	s := ldap.NewServer()

	// register Bind and Search function handlers
	handler := ldapHandler{this.App}
	s.BindFunc("", handler)
	s.SearchFunc("", handler)

	// start the server
	listen :=fmt.Sprintf(":%d", config.AppConfig.LdapPort)
	logs.Info("Starting example LDAP server on %s", listen)
	if err := s.ListenAndServe(listen); err != nil {
		logs.Error("LDAP Server Failed: %s", err.Error())
	}
}

type ldapHandler struct {
	App entitys.ApiEngineInterface
}

///////////// Allow anonymous binds only
func (h ldapHandler) Bind(bindDN, bindSimplePw string, conn net.Conn) (ldap.LDAPResultCode, error) {
	fmt.Println("bind:",bindDN)
	fmt.Println("pwd:", bindSimplePw)

	if bindDN == "cn=qianqiuiot" {
		if bindSimplePw == "qianqiuiot.com" {
			return ldap.LDAPResultSuccess, nil
		}else {
			return ldap.LDAPResultCompareFalse, nil
		}
	}
	userName := bindDN[3:]
	password := bindSimplePw
	var user models.SysUser
	ret, err := h.App.GetBusinessDb("qianqiuiot.com").SQL(models.SqlUserLogin, userName).Get(&user)

	if ret && err == nil {
		md5Pwd := utils.HashPassword(password, "")
		//密码错误
		if !strings.EqualFold(user.Password, md5Pwd) {
			fmt.Println("密码错误")
			return ldap.LDAPResultCompareFalse, nil
		}else {
			fmt.Println("密码正确")
			return ldap.LDAPResultSuccess, nil
		}
	}
	fmt.Println("出错", err)
	return ldap.LDAPResultCompareFalse, err
}

///////////// Return some hardcoded search results - we'll respond to any baseDN for testing
func (h ldapHandler) Search(boundDN string, searchReq ldap.SearchRequest, conn net.Conn) (ldap.ServerSearchResult, error) {
	fmt.Printf("%s,search......%s\n", boundDN, searchReq)
	userName := ""
	if boundDN == "cn=qianqiuiot" {
		if searchReq.Filter == "(objectClass=*)" {
			uid := searchReq.BaseDN
			dn := uid
			if dn == "" {
				dn = boundDN
			}
			entries := []*ldap.Entry{
				&ldap.Entry{dn, []*ldap.EntryAttribute{
					//&ldap.EntryAttribute{"uid", []string{}},
				}},
			}
			return ldap.ServerSearchResult{entries, []string{}, []ldap.Control{}, ldap.LDAPResultSuccess}, nil
		}else {
			start := strings.Index(searchReq.Filter, "uid=")
			end := strings.Index(searchReq.Filter[start:], ")")
			fmt.Println("%d,%d", start, end)
			userName = searchReq.Filter[start+4 : start+end]
			fmt.Println(userName)
		}
	}else {
		userName = boundDN[3:]
	}

	var user models.SysUser
	ret, err := h.App.GetBusinessDb("qianqiuiot.com").SQL(models.SqlUserLogin, userName).Get(&user)

	if ret && err == nil {
		entries := []*ldap.Entry{
			&ldap.Entry{"cn=" + user.LoginId, []*ldap.EntryAttribute{
				&ldap.EntryAttribute{"cn", []string{user.Name}},
				&ldap.EntryAttribute{"uidNumber", []string{user.Id}},
				&ldap.EntryAttribute{"accountStatus", []string{"active"}},
				&ldap.EntryAttribute{"uid", []string{user.LoginId}},
				&ldap.EntryAttribute{"description", []string{user.Name}},
				&ldap.EntryAttribute{"objectClass", []string{"posixAccount"}},
			}},
		}
		return ldap.ServerSearchResult{entries, []string{}, []ldap.Control{}, ldap.LDAPResultSuccess}, err
	}else {
		return ldap.ServerSearchResult{nil, []string{}, []ldap.Control{}, ldap.LDAPResultCompareFalse}, err
	}
}